Title

Offline Mode enabled to cache queries for offline mode. (Cat II impact)

Discussion

InfoPath 2007 can function in online mode or offline mode. It can also cache queries for use in offline mode. If offline mode is used and cached queries are enabled, sensitive information contained in the cache could be at risk. By default, InfoPath is in online mode, but offline mode is available to users. Users can also cache queries for use in offline mode.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Tools \ Options -> Advanced -> Offline “Offline Mode status” will be set to “Enabled (Enabled, InfoPath not in Offline Mode)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\InfoPath\Editor\Offline Criteria: If the value CachedModeStatus is REG_DWORD = 2, this is not a finding

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Tools \ Options -> Advanced -> Offline “Offline Mode status” will be set to “Enabled (Enabled, InfoPath not in Offline Mode)”.

Additional Identifiers

Rule ID: SV-18954r1_rule

Vulnerability ID: V-17758

Group Title: DTOO156 - Offline Mode Cache

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.